
Summary
This detection rule identifies potential misuse of rundll32.exe on Windows systems, specifically the loading of registered COM (Component Object Model) objects, a technique used for persistence and privilege escalation. The rule inspects the process image name and the command line: it matches when rundll32.exe is invoked with the ' -sta ' or ' -localserver ' switch and the command line also contains a braced value, i.e. a CLSID. These switches cause rundll32.exe to instantiate the COM class identified by that CLSID, so an attacker who registers a malicious server under a CLSID (for example in the user-writable HKCU\Software\Classes\CLSID key) can have a trusted, signed Windows binary load their code and evade controls that trust rundll32.exe. The rule is rated high severity. False positives may arise from legitimate uses of rundll32.exe by various applications, so each match should be validated, for instance by resolving the CLSID to its registered InprocServer32 or LocalServer32 binary and checking that binary's origin, before taking corrective action.
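As an added, worked example (editor's code, not the rule's own query and not part of the original page): the rule's matching logic applied to a few constructed process-creation events, followed by the CLSID extraction and the registry locations a triager would check next. The field names Image and CommandLine follow Sysmon/Sigma conventions; the sample events, paths and CLSIDs are made up.

```python
import re

# Switches that make rundll32.exe instantiate a COM class by CLSID. The rule
# matches them with surrounding spaces and, like Sigma 'contains', case-insensitively.
COM_SWITCHES = (" -sta ", " -localserver ")

# Registry-style CLSID: {8-4-4-4-12 hex digits}
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def matches_rule(event: dict) -> bool:
    """Rule logic: image ends with \\rundll32.exe, the command line contains
    ' -sta ' or ' -localserver ', and it contains both '{' and '}'."""
    image = str(event.get("Image", "")).lower()
    cmdline = str(event.get("CommandLine", ""))
    if not image.endswith("\\rundll32.exe"):
        return False
    lowered = cmdline.lower()
    if not any(switch in lowered for switch in COM_SWITCHES):
        return False
    return "{" in cmdline and "}" in cmdline


def extract_clsids(cmdline: str) -> list:
    """Pull every well-formed CLSID out of a command line for triage."""
    return [m.upper() for m in CLSID_RE.findall(cmdline)]


def registry_keys_to_check(clsid: str) -> list:
    """Registry values that decide which server rundll32 loads for the CLSID.
    HKCU\\Software\\Classes is writable by the user and, for a non-elevated
    process, is consulted before HKLM; that precedence is what T1546.015
    (COM hijacking) abuses, so check HKCU first."""
    keys = []
    for hive in ("HKCU", "HKLM"):
        for server in ("InprocServer32", "LocalServer32"):
            keys.append(f"{hive}\\Software\\Classes\\CLSID\\{clsid}\\{server}")
    return keys


def scan(events: list) -> list:
    """Apply the rule to a list of events and return one finding per hit."""
    findings = []
    for idx, event in enumerate(events):
        if not matches_rule(event):
            continue
        clsids = extract_clsids(event["CommandLine"])
        findings.append({
            "event_index": idx,
            "command_line": event["CommandLine"],
            "clsids": clsids,
            "registry_keys_to_check": [k for c in clsids for k in registry_keys_to_check(c)],
        })
    return findings


# Constructed sample events (illustrative only, not real telemetry).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": "rundll32.exe -sta {11111111-2222-3333-4444-555555555555}"},
    {"Image": r"C:\Windows\SysWOW64\rundll32.exe",
     "CommandLine": "RUNDLL32.EXE -LocalServer {aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}"},
    {"Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": "rundll32.exe shell32.dll,Control_RunDLL"},
    {"Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": "rundll32.exe -sta user32.dll,LockWorkStation"},
    {"Image": r"C:\Windows\System32\regsvr32.exe",
     "CommandLine": "regsvr32.exe -sta {11111111-2222-3333-4444-555555555555}"},
]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(f"event {finding['event_index']}: {finding['command_line']}")
        for key in finding["registry_keys_to_check"]:
            print(f"  check {key}")
```

Only the first two sample events fire: the third has no COM switch, the fourth has the switch but no braced CLSID, and the fifth is not rundll32.exe. The returned registry paths are the triage step the Summary asks for; on a live host the analyst reads those values and verifies the binary they point at.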
Categories
- Endpoint
- Windows
Data Sources
- Process
ATT&CK Techniques
- T1546.015
Created: 2022-02-13